15 Oct
2021
15 Oct
'21
2:10 p.m.
Hi, I was surprised to learn that executing arbitrary commands via logfetch is the default in xymon and I think it shouldn't be. Overall it would make xymon a little bit more secure and if needed, it could be easily activated. Attached is the necessary patch for this, please let me know if this suits the general idea of xymon or if there are arguments against this measure. Thanks in advance! Cheers, Christoph patch: --- xymonclient.cfg.DIST +++ xymonclient.cfg.NEW @@ -15,7 +15,7 @@ XYMONCLIENTLOGS="$XYMONHOME/logs" # Where we store the client logfiles # Options to logfetch, the xymon binary which examines log files for recent changes. -LOGFETCHOPTS="" +LOGFETCHOPTS="--noexec" # Local Mode (Only) Options